SSH with ed25519

NIIBE Yutaka gniibe at fsij.org
Wed Aug 12 15:46:27 CEST 2015


Hello,

I forget when I tested OpenSSH with Ed25519, but it worked at that
time.  Today, I needed a patch like this:

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2a3037c..7526634 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1964,6 +1964,11 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
               err = gpg_error (GPG_ERR_INV_SEXP);
               goto out;
             }
+	  if (data[0] == 0x40)
+	    {
+	      data++;
+	      datalen--;
+	    }
           err = stream_write_string (stream, data, datalen);
           if (err)
             goto out;
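
Review bot: The `data[0] == 0x40` test in the added block is not tied to the key type or to an expected length, so any value written through this path whose first byte happens to be 0x40 loses a byte, and `data[0]` is read with no `datalen` check visible in the hunk. Suggest stripping only in the EdDSA case and only when `datalen` equals the prefix plus the key length, and adding a comment that 0x40 is the EdDSA prefix byte.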


The above fix is not quite right (I think that always removing the
prefix is right), but I'm not sure if there are existing old keys.


In the git commit log, I found the following change.  I think that after
this change, we need to remove the prefix when sending to SSH.


commit 557cc11a605dd280d03c52d8b546deed8c4c714d
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jul 24 16:16:53 2014 +0200

    gpg: Switch to an EdDSA format with prefix byte.

    * g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
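
An added example, not part of the original message and not GnuPG code: one way to build the ssh-ed25519 public key blob so that the 0x40 prefix is stripped only when the length proves it is a prefix, which also covers older keys stored without it. The function name `ed25519_q_to_ssh_blob` and the buffer handling are assumptions made for illustration; the blob layout is the standard SSH string encoding (4-byte big-endian length, then the bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ED25519_LEN  32    /* raw Ed25519 public key size */
#define EDDSA_PREFIX 0x40  /* prefix byte tested in the patch above */

/* Append an SSH "string": 4-byte big-endian length, then the bytes. */
static size_t
put_string (uint8_t *out, const uint8_t *s, size_t n)
{
  out[0] = (uint8_t)(n >> 24);
  out[1] = (uint8_t)(n >> 16);
  out[2] = (uint8_t)(n >> 8);
  out[3] = (uint8_t)n;
  memcpy (out + 4, s, n);
  return 4 + n;
}

/* Build the ssh-ed25519 public key blob from Q (hypothetical helper).
   Accepts the prefixed form (0x40 + 32 bytes) and the bare 32-byte
   form; rejects anything else.  Returns the blob length, 0 on error. */
size_t
ed25519_q_to_ssh_blob (const uint8_t *q, size_t qlen,
                       uint8_t *out, size_t outlen)
{
  static const char name[] = "ssh-ed25519";
  size_t n;

  if (!q || !out)
    return 0;
  /* A bare 32-byte key may itself start with 0x40, so the length
     decides whether the first byte is a prefix. */
  if (qlen == ED25519_LEN + 1 && q[0] == EDDSA_PREFIX)
    {
      q++;
      qlen--;
    }
  if (qlen != ED25519_LEN)
    return 0;
  if (outlen < 4 + (sizeof name - 1) + 4 + ED25519_LEN)
    return 0;
  n = put_string (out, (const uint8_t *)name, sizeof name - 1);
  n += put_string (out + n, q, qlen);
  return n;
}
```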
